From a7185605543ae697d6498607136a18acdadfae1c Mon Sep 17 00:00:00 2001
From: Type-kun
Date: Sat, 17 Sep 2016 16:42:00 +0500
Subject: [PATCH] Initial support for #2677
---
 app/controllers/dmails_controller.rb | 2 +-
 app/models/dmail.rb | 42 ++++++++++++++++++++++++----
 2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/app/controllers/dmails_controller.rb b/app/controllers/dmails_controller.rb
index 51275da70..f6acf1c1b 100644
--- a/app/controllers/dmails_controller.rb
+++ b/app/controllers/dmails_controller.rb
@@ -59,7 +59,7 @@ class DmailsController < ApplicationController
 private
 def check_privilege(dmail)
- if !dmail.visible_to?(CurrentUser.user)
+ if !dmail.visible_to?(CurrentUser.user, params[:key])
 raise User::PrivilegeError
 end
 end
diff --git a/app/models/dmail.rb b/app/models/dmail.rb
index b3e2924e5..4cb1f2534 100644
--- a/app/models/dmail.rb
+++ b/app/models/dmail.rb
@@ -1,3 +1,5 @@
+require 'digest/sha1'
+
 class Dmail < ActiveRecord::Base
 validates_presence_of :to_id
 validates_presence_of :from_id
@@ -78,6 +80,32 @@ class Dmail < ActiveRecord::Base
 end
 end
+ module ApiMethods
+ def hidden_attributes
+ super + [:message_index]
+ end
+
+ def method_attributes
+ list = [:hash]
+ list
+ end
+
+ def serializable_hash(options = {})
+ options ||= {}
+ options[:methods] ||= []
+ options[:methods] += method_attributes
+ super(options)
+ end
+
+ def to_xml(options = {}, &block)
+ # to_xml ignores the serializable_hash method
+ options ||= {}
+ options[:methods] ||= []
+ options[:methods] += method_attributes
+ super(options, &block)
+ end
+ end
+
 module SearchMethods
 def for(user)
 where("owner_id = ?", user)
@@ -164,6 +192,7 @@ class Dmail < ActiveRecord::Base
 include AddressMethods
 include FactoryMethods
+ include ApiMethods
 extend SearchMethods
 def validate_sender_is_not_banned
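Review bot: In `check_privilege` (dmails_controller.rb) the moderator access key is read from `params[:key]`, which for a page view presumably arrives in the query string, so it would be written to the request log and can leak through browser history or a `Referer` header. If that is how the key is delivered, add `:key` to the application's `config.filter_parameters` list, and put a comment on the call such as `# key: owner-supplied token that lets a moderator open this dmail`. How the parameter reaches the controller is not visible in this hunk, so the transport needs confirming.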
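Review bot: `serializable_hash` and `to_xml` in the new `ApiMethods` module write into the `options` hash they were handed (`options[:methods] ||= []` followed by `+=`), so a caller that reuses one options hash across records sees `:hash` appended again on each call. Copy first with `options = options ? options.dup : {}`, then build the list with `options[:methods] = Array(options[:methods]) + method_attributes` so a single symbol is accepted too. The same four lines appear in both methods and could move into one private helper. `method_attributes` can also be reduced to `[:hash]`, since the local `list` adds nothing.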
@@ -208,12 +237,13 @@ class Dmail < ActiveRecord::Base
 to.update_attribute(:has_mail, true)
 end
 end
-
- def visible_to?(user)
- user.is_moderator? || owner_id == user.id
+
+ def hash
+ Digest::SHA1.hexdigest("#{title} #{body}")
+ end
+
+ def visible_to?(user, key)
+ owner_id == user.id || (user.is_moderator? && key == self.hash)
 end
- def hidden_attributes
- super + [:message_index]
- end
 end
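Review bot: `def hash` in dmail.rb replaces `Object#hash`, which Ruby expects to return an Integer and which ActiveRecord relies on when records are used as Hash keys, in `uniq`, or in a `Set`; returning a hex String there is likely to raise a TypeError or break those lookups, so the method needs another name, with `[:hash]` in `method_attributes` updated to match. The value is also an unkeyed SHA-1 of `title` and `body`, so it is identical for every dmail with the same text and can be derived by anyone who holds that text; an HMAC over the record id and content with a server-side secret binds the key to one message. `key == self.hash` is a plain string comparison, where a constant-time comparison is the usual choice for a token check, assuming the Rails version in use ships `ActiveSupport::SecurityUtils.secure_compare`. `visible_to?` now requires a second argument, so any caller outside this patch that still passes one would raise ArgumentError.

```ruby
def key
  # DMAIL_KEY_SECRET is a placeholder: use a server-side secret the app already manages
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), DMAIL_KEY_SECRET, "#{id} #{title} #{body}")
end

def visible_to?(user, key)
  return true if owner_id == user.id
  user.is_moderator? && ActiveSupport::SecurityUtils.secure_compare(key.to_s, self.key)
end
```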